Ruby on Rails: What are Erubis' disadvantages and why isn't it packaged with Rails by default? How to set it up?
I just discovered Erubis, a replacement for the default view renderer for Ruby on Rails. However, from what I can tell from reading about it, it's superior across the board.
It is much faster.
It has ma开发者_如何学编程ny more options. It can prevent cross site scripting without having to use h.Does this have any disadvantages versus the standard erb renderer? Why isn't this the standard renderer packaged with Rails?
Also, the docs for Erubis say to install it just by installing the gem, and then add the following to environment.rb:
require 'erubis/helpers/rails_helper'
#Erubis::Helpers::RailsHelper.engine_class = Erubis::Eruby # or Erubis::FastEruby
Reading the docs, FastEruby seems to be just a faster renderer than Eruby. Why wouldn't it be default and used by everyone?
I'm highly interested in using the engine erubis::EscapedEruby which automatically calls h to escape html on fields from the database. Are there any gotchas I should be aware of or does this pretty much solve all cross site scripting?
The Rails team agrees. Erubis is the default in Rails 3 beta versions, and will be the default when Rails 3 is released. Yehuda Katz mentioned it in his blog, and Erubis is listed as a dependency for Action Pack in the current Rails 3 betas.
It's packaged by default as dependency gem in Rails4. You can find more details here: Ruby 2.1 with erubis Template Engine
精彩评论